Antique brass padlock — security by design

Security & Architecture

Security isn't a feature. It's the foundation.

Every architectural decision was made with a security-first mandate. We don't add security on top — we build everything on top of security.

01

On-Premise First

Your servers. Your country. Your rules.

  • Deploys entirely on your own hardware or private cloud
  • Air-gap capable — zero internet dependency once installed
  • No data ever transmitted to us or any third party
  • Run a local LLM (Ollama/Mistral) with no cloud API calls

02

Zero-Trust Access

Never trust. Always verify.

  • Keycloak OIDC/OAuth2 — every request is authenticated, no session exceptions
  • Role-based access control (RBAC) down to individual database rows via PostgreSQL RLS
  • Multi-tenant isolation: tenants are isolated at the row level via PostgreSQL FORCE RLS — no data co-mingling possible
  • Session revocation takes effect immediately; Keycloak manages IdP-level token lifecycle

03

Cryptographic Audit Chain

Tamper-evident. Forever.

  • Every change produces a SHA-256 hash over the affected record at the application layer
  • Each hash includes the previous record's hash — any modification breaks the chain
  • Audit triggers are SECURITY DEFINER with restricted search_path — immune to injection
  • Full who-changed-what-when trail, queryable in seconds

04

Encryption at Every Layer

Encryption from disk to memory.

  • Field-level encryption for sensitive data at rest — AES-256-GCM for high-security tiers
  • Secrets managed by OpenBao (open-source HashiCorp Vault fork) — keys never hard-coded
  • TLS 1.2/1.3 enforced for all network traffic — no plaintext paths anywhere
  • Encryption metadata stored alongside data for GDPR right-to-erasure compliance

05

Swiss-Made & GDPR-First

Built in Switzerland under the world's strictest privacy laws.

  • Developed by Aarre GmbH, registered in Switzerland under Swiss data protection law
  • GDPR compliance is structural — not a checkbox. Email fields encrypted, erasure-ready.
  • No American cloud. No US subpoena risk. No CLOUD Act exposure.
  • Fully auditable in your environment — every layer inspectable, no proprietary black boxes in the data path.

06

GDPR by Architecture

Privacy isn't a feature — it's the structure.

  • PII stored as ciphertext with separate encryption_meta columns
  • Right-to-erasure: delete the key → data is unrecoverable, chain stays intact
  • Retention workflows integrated with the platform infrastructure — not ad-hoc scripts
  • Multi-tenant: one customer's data is never co-mingled with another's
"Security is not a feature. It is the room the work happens in."

Live walkthrough

We walk you through the architecture live.

Including the audit chain and zero-trust access model — in your environment, against your data.